Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win 32 Avast.. Trojan


  • This topic is locked This topic is locked
23 replies to this topic

#1 big boy

big boy

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 28 May 2008 - 05:55 PM

hello. avast has told me i have the win32 trojan, so i am enclosing my log. please help..

questions.. is it a virus. ? if yes, then why could avast not nremove it. ?? is it a crap anti-virus.?


here is my log.. thanks.


ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:39, on 28/05/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Users\PAULAN~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6765 bytes

BC AdBot (Login to Remove)

 


#2 big boy

big boy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 30 May 2008 - 06:21 AM

is there any help please...

#3 silver

silver

  • Members
  • 480 posts
  • OFFLINE
  •  
  • Location:GMT+7
  • Local time:01:18 PM

Posted 25 June 2008 - 05:58 AM

Hi big boy,

I'm sorry it's taken so long for you to get a response, if you still need help please do as follows:

Download Deckard's System Scanner (DSS) to your Desktop (right-click the link, select Save Target As..., select your Desktop and press Save)
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  • Make sure Format->Word Wrap is unchecked
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply
Once complete, please post both DSS logs, you won't need to produce a new HijackThis log as DSS produces one for you.
Teacher at Malware Removal University | ASAP & UNITE Member

#4 big boy

big boy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 25 June 2008 - 08:55 AM

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® Dual CPU T2310 @ 1.46GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 2037.27 MiB / 1109.51 MiB
Pagefile Memory (total/avail): 4307.83 MiB / 3231.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1894.7 MiB

C: is Fixed (NTFS) - 51.14 GiB total, 22.23 GiB free.
D: is Fixed (NTFS) - 50.89 GiB total, 50.78 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS542512K9SA00 ATA Device - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 9.76 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 51.14 GiB - C:
\PARTITION2 - Installable File System - 50.89 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: avast! antivirus 4.8.1201 [VPS 080625-0] v4.8.1201 (ALWIL Software) Disabled
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: SUPERAntiSpyware v4, 0, 0, 1154 (SUPERAntiSpyware.com) Disabled
AS: Spy Sweeper v5.5.7.48 (Webroot Software Inc) Disabled
AS: avast! antivirus 4.8.1201 [VPS 080625-0] v4.8.1201 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe:*:Enabled:encryption"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe:*:Enabled:decryption"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\paul and penny\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PAULANDPENNY-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\paul and penny
LOCALAPPDATA=C:\Users\paul and penny\AppData\Local
LOGONSERVER=\\PAULANDPENNY-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\PAULAN~1\AppData\Local\Temp
TMP=C:\Users\PAULAN~1\AppData\Local\Temp
USERDOMAIN=paulandpenny-PC
USERNAME=paul and penny
USERPROFILE=C:\Users\paul and penny
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

paul and penny (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.EXE" -uninst
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
a-squared Free 3.5 --> "C:\Program Files\a-squared Free\unins001.exe"
Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ALPS Touch Pad Driver --> C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Amazing Adventures The Lost Tomb --> "C:\Program Files\Acer GameZone\Amazing Adventures The Lost Tomb\Uninstall.exe" "C:\Program Files\Acer GameZone\Amazing Adventures The Lost Tomb\install.log"
Amazonia --> "C:\Program Files\Acer GameZone\Amazonia\Uninstall.exe" "C:\Program Files\Acer GameZone\Amazonia\install.log"
Ashampoo Music Studio 2007 --> "C:\Program Files\Ashampoo\Ashampoo Music Studio 2007\Uninstall\0330_Uninstall.EXE"
Ashampoo Photo Commander 6.10 --> "C:\Program Files\Ashampoo\Ashampoo Photo Commander 6\unins000.exe"
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Big Kahuna Reef --> C:\PROGRA~1\GAMEHO~1\BIGKAH~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\BIGKAH~1\INSTALL.LOG
Bricks of Egypt --> "C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Chromadrome 2 --> "C:\Program Files\Acer GameZone\Chromadrome 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Chromadrome 2\install.log"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Dynasty --> "C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{2F9DFF65-7A7A-4B70-A53D-378EE67F9F25}
ebgcRes --> MsiExec.exe /X{D968C4E0-022A-461D-A69E-19A4E7A55000}
ebgcRes --> MsiExec.exe /X{E9C14E4B-4CEE-4A43-B5CE-5E190CA4B1C7}
ebgcRes --> MsiExec.exe /X{F0E603C9-8AE2-4015-A637-1E40B36E8139}
ebgcSDK --> MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
ebgcSDK --> MsiExec.exe /X{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Galapago --> "C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jewel Quest --> C:\PROGRA~1\GAMEHO~1\JEWELQ~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\JEWELQ~1\INSTALL.LOG
Launch Manager --> C:\Windows\UnInst32.exe LManager.UNI
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Luxor --> C:\PROGRA~1\GAMEHO~1\Luxor\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Luxor\INSTALL.LOG
Mah Jong Medley --> C:\PROGRA~1\GAMEHO~1\MAHJON~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAHJON~1\INSTALL.LOG
Mahjong Escape Ancient China --> C:\PROGRA~1\GAMEHO~1\MAHJON~2\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAHJON~2\INSTALL.LOG
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NetMeter 1.1.3 --> "C:\Program Files\NetMeter\unins000.exe"
NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly
NTI Backup NOW! 4.7 --> C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
PowerProducer 3.72 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
Rainforest Adventure --> C:\PROGRA~1\GAMEHO~1\RAINFO~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\RAINFO~1\INSTALL.LOG
RealArcade --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Super Collapse! from GameHouse --> C:\PROGRA~1\GAMEHO~1\Collapse\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Collapse\INSTALL.LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Legend of El Dorado Deluxe --> C:\PROGRA~1\GAMEHO~1\THELEG~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\THELEG~1\INSTALL.LOG
Treasures of the Deep --> C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Word Slinger --> C:\PROGRA~1\GAMEHO~1\WORDSL~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\WORDSL~1\INSTALL.LOG
Zuma Deluxe --> C:\PROGRA~1\GAMEHO~1\Zuma\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Zuma\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type18093 / Success
Event Submitted/Written: 06/25/2008 01:41:17 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type18090 / Success
Event Submitted/Written: 06/25/2008 01:41:11 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type18083 / Success
Event Submitted/Written: 06/25/2008 01:40:34 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type18065 / Warning
Event Submitted/Written: 06/24/2008 10:01:51 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1308273410-1801416135-2575181663-1000_Classes:
Process 980 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1308273410-1801416135-2575181663-1000_CLASSES

Event Record #/Type18063 / Warning
Event Submitted/Written: 06/24/2008 10:01:49 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1308273410-1801416135-2575181663-1000:
Process 980 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1308273410-1801416135-2575181663-1000



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type69949 / Error
Event Submitted/Written: 06/25/2008 01:40:40 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type69946 / Error
Event Submitted/Written: 06/25/2008 01:40:33 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.2.2 for the Network Card with network address 001DD90190B9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type69945 / Warning
Event Submitted/Written: 06/25/2008 01:40:33 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DD90190B9. The following error occurred:
%%2163146757. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type69937 / Warning
Event Submitted/Written: 06/25/2008 01:40:18 PM
Event ID/Source: 4 / b57nd60x
Event Description:
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type69925 / Warning
Event Submitted/Written: 06/24/2008 10:01:56 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:




-- End of Deckard's System Scanner: finished at 2008-06-25 14:47:45 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® Dual CPU T2310 @ 1.46GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 2037.27 MiB / 1109.51 MiB
Pagefile Memory (total/avail): 4307.83 MiB / 3231.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1894.7 MiB

C: is Fixed (NTFS) - 51.14 GiB total, 22.23 GiB free.
D: is Fixed (NTFS) - 50.89 GiB total, 50.78 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS542512K9SA00 ATA Device - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 9.76 GiB
\PARTITION1 (bootable) - MS-DOS V4 Huge - 51.14 GiB - C:
\PARTITION2 - Installable File System - 50.89 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: COMODO Firewall Pro v3.0 (COMODO)
AV: avast! antivirus 4.8.1201 [VPS 080625-0] v4.8.1201 (ALWIL Software) Disabled
AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: SUPERAntiSpyware v4, 0, 0, 1154 (SUPERAntiSpyware.com) Disabled
AS: Spy Sweeper v5.5.7.48 (Webroot Software Inc) Disabled
AS: avast! antivirus 4.8.1201 [VPS 080625-0] v4.8.1201 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe:*:Enabled:eDSfsu"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe:*:Enabled:encryption"
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"="C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe:*:Enabled:decryption"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\paul and penny\AppData\Roaming
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PAULANDPENNY-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\paul and penny
LOCALAPPDATA=C:\Users\paul and penny\AppData\Local
LOGONSERVER=\\PAULANDPENNY-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\PAULAN~1\AppData\Local\Temp
TMP=C:\Users\PAULAN~1\AppData\Local\Temp
USERDOMAIN=paulandpenny-PC
USERNAME=paul and penny
USERPROFILE=C:\Users\paul and penny
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

paul and penny (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.EXE" -uninst
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
a-squared Free 3.5 --> "C:\Program Files\a-squared Free\unins001.exe"
Acer Arcade Deluxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly -u
Acer Crystal Eye webcam --> C:\Program Files\InstallShield Installation Information\{AA047D7C-5E7C-4878-B75C-77589151B563}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer eDataSecurity Management --> C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL
Acer eLock Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly
Acer Empowering Technology --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0x9 -removeonly
Acer eNet Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0x9 -removeonly
Acer ePower Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0x9 -removeonly
Acer ePresentation Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly
Acer eSettings Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0x9 -removeonly
Acer GridVista --> C:\Windows\UnInst32.exe GridV.UNI
Acer Mobility Center Plug-In --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly
Acer ScreenSaver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Acer Tour --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
ALPS Touch Pad Driver --> C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
Amazing Adventures The Lost Tomb --> "C:\Program Files\Acer GameZone\Amazing Adventures The Lost Tomb\Uninstall.exe" "C:\Program Files\Acer GameZone\Amazing Adventures The Lost Tomb\install.log"
Amazonia --> "C:\Program Files\Acer GameZone\Amazonia\Uninstall.exe" "C:\Program Files\Acer GameZone\Amazonia\install.log"
Ashampoo Music Studio 2007 --> "C:\Program Files\Ashampoo\Ashampoo Music Studio 2007\Uninstall\0330_Uninstall.EXE"
Ashampoo Photo Commander 6.10 --> "C:\Program Files\Ashampoo\Ashampoo Photo Commander 6\unins000.exe"
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
Big Kahuna Reef --> C:\PROGRA~1\GAMEHO~1\BIGKAH~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\BIGKAH~1\INSTALL.LOG
Bricks of Egypt --> "C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Chromadrome 2 --> "C:\Program Files\Acer GameZone\Chromadrome 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Chromadrome 2\install.log"
COMODO Firewall Pro --> C:\Program Files\COMODO\Firewall\cfpconfg.exe -u
Dynasty --> "C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log"
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{2F9DFF65-7A7A-4B70-A53D-378EE67F9F25}
ebgcRes --> MsiExec.exe /X{D968C4E0-022A-461D-A69E-19A4E7A55000}
ebgcRes --> MsiExec.exe /X{E9C14E4B-4CEE-4A43-B5CE-5E190CA4B1C7}
ebgcRes --> MsiExec.exe /X{F0E603C9-8AE2-4015-A637-1E40B36E8139}
ebgcSDK --> MsiExec.exe /X{13AD768A-9E04-499D-AE80-967A65DCCBA5}
ebgcSDK --> MsiExec.exe /X{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}
Eusing Free Registry Cleaner --> C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Galapago --> "C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log"
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118\UIU32m.exe -U -IAcrZUn32z.inf
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Jewel Quest --> C:\PROGRA~1\GAMEHO~1\JEWELQ~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\JEWELQ~1\INSTALL.LOG
Launch Manager --> C:\Windows\UnInst32.exe LManager.UNI
LimeWire 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Luxor --> C:\PROGRA~1\GAMEHO~1\Luxor\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Luxor\INSTALL.LOG
Mah Jong Medley --> C:\PROGRA~1\GAMEHO~1\MAHJON~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAHJON~1\INSTALL.LOG
Mahjong Escape Ancient China --> C:\PROGRA~1\GAMEHO~1\MAHJON~2\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAHJON~2\INSTALL.LOG
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
NetMeter 1.1.3 --> "C:\Program Files\NetMeter\unins000.exe"
NTI Backup NOW! 4.7 --> "C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly
NTI Backup NOW! 4.7 --> C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
PowerProducer 3.72 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall
Rainforest Adventure --> C:\PROGRA~1\GAMEHO~1\RAINFO~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\RAINFO~1\INSTALL.LOG
RealArcade --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Super Collapse! from GameHouse --> C:\PROGRA~1\GAMEHO~1\Collapse\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Collapse\INSTALL.LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
The Legend of El Dorado Deluxe --> C:\PROGRA~1\GAMEHO~1\THELEG~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\THELEG~1\INSTALL.LOG
Treasures of the Deep --> C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log"
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Word Slinger --> C:\PROGRA~1\GAMEHO~1\WORDSL~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\WORDSL~1\INSTALL.LOG
Zuma Deluxe --> C:\PROGRA~1\GAMEHO~1\Zuma\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\Zuma\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type18093 / Success
Event Submitted/Written: 06/25/2008 01:41:17 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type18090 / Success
Event Submitted/Written: 06/25/2008 01:41:11 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type18083 / Success
Event Submitted/Written: 06/25/2008 01:40:34 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type18065 / Warning
Event Submitted/Written: 06/24/2008 10:01:51 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1308273410-1801416135-2575181663-1000_Classes:
Process 980 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1308273410-1801416135-2575181663-1000_CLASSES

Event Record #/Type18063 / Warning
Event Submitted/Written: 06/24/2008 10:01:49 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-1308273410-1801416135-2575181663-1000:
Process 980 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1308273410-1801416135-2575181663-1000



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type69949 / Error
Event Submitted/Written: 06/25/2008 01:40:40 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type69946 / Error
Event Submitted/Written: 06/25/2008 01:40:33 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.2.2 for the Network Card with network address 001DD90190B9 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type69945 / Warning
Event Submitted/Written: 06/25/2008 01:40:33 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DD90190B9. The following error occurred:
%%2163146757. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Event Record #/Type69937 / Warning
Event Submitted/Written: 06/25/2008 01:40:18 PM
Event ID/Source: 4 / b57nd60x
Event Description:
Broadcom NetLink ™ Fast Ethernet: The network link is down. Check to make sure the network cable is properly connected.

Event Record #/Type69925 / Warning
Event Submitted/Written: 06/24/2008 10:01:56 PM
Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig
Event Description:




-- End of Deckard's System Scanner: finished at 2008-06-25 14:47:45 ------------

#5 silver

silver

  • Members
  • 480 posts
  • OFFLINE
  •  
  • Location:GMT+7
  • Local time:01:18 PM

Posted 25 June 2008 - 08:59 PM

Hi big boy,

You have posted the DSS extra.txt log twice, I would like to see the main.txt log before proceeding.

You should find the original main.txt located in this folder or a subfolder under it named with the date and time of the scan:
C:\Deckard\System Scanner

If you can't find it for any reason, you can make another one as follows:
  • Make sure DSS.exe is on your Desktop
  • Press Start, copy/paste the following command into the search box and press enter:

    "%userprofile%\desktop\dss.exe" /config

  • A configuration box will appear, make sure all boxes are checked in the Main Log section, then un-check everything in the Extra Log section and press Scan!
Once complete, please post the new DSS main.txt report.
Teacher at Malware Removal University | ASAP & UNITE Member

#6 big boy

big boy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 26 June 2008 - 09:18 AM

07-07-25 19:46:20 {NOTICE} [RegOpenKeyExW] SOFTWARE\Acer\eDataSecurity ThreadId:[3924] Time:[19:46:20.811]
2007-07-25 19:46:20 {NOTICE} [RegCom32] ==============Enter======================= ThreadId:[1376] Time:[19:46:20.827]
2007-07-25 19:46:20 {NOTICE} [RegCom32] bReg= true ThreadId:[1376] Time:[19:46:20.827]
2007-07-25 19:46:20 {NOTICE} [RegCom] ==============Enter======================= ThreadId:[1376] Time:[19:46:20.827]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.827]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] command=C:\Windows\system32\regsvr32.exe /s ThreadId:[1376] Time:[19:46:20.827]
2007-07-25 19:46:20 {NOTICE} [CreateProcess] fullcommand=C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\eDSshellExt.dll error=18 ThreadId:[1376] Time:[19:46:20.889]
2007-07-25 19:46:20 {NOTICE} [Wow64RevertWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.889]
2007-07-25 19:46:20 {NOTICE} [RegCom] ==============Enter======================= ThreadId:[1376] Time:[19:46:20.889]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.889]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] command=C:\Windows\system32\regsvr32.exe /s ThreadId:[1376] Time:[19:46:20.889]
2007-07-25 19:46:20 {NOTICE} [CreateProcess] fullcommand=C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\eDStoolbar.dll error=18 ThreadId:[1376] Time:[19:46:20.905]
2007-07-25 19:46:20 {NOTICE} [Wow64RevertWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.905]
2007-07-25 19:46:20 {NOTICE} [RegCom] ==============Enter======================= ThreadId:[1376] Time:[19:46:20.905]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.905]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] command=C:\Windows\system32\regsvr32.exe /s ThreadId:[1376] Time:[19:46:20.905]
2007-07-25 19:46:20 {NOTICE} [CreateProcess] fullcommand=C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\OAddin.dll error=18 ThreadId:[1376] Time:[19:46:20.936]
2007-07-25 19:46:20 {NOTICE} [Wow64RevertWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.936]
2007-07-25 19:46:20 {NOTICE} [RegCom] ==============Enter======================= ThreadId:[1376] Time:[19:46:20.936]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.936]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] command=C:\Windows\system32\regsvr32.exe /s ThreadId:[1376] Time:[19:46:20.936]
2007-07-25 19:46:20 {NOTICE} [CreateProcess] fullcommand=C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\ActiveToolBand.dll error=18 ThreadId:[1376] Time:[19:46:20.952]
2007-07-25 19:46:20 {NOTICE} [Wow64RevertWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.952]
2007-07-25 19:46:21 {NOTICE} [InstallPSDDriver] ==============Enter======================= ThreadId:[4080] Time:[19:46:21.030]
2007-07-25 19:46:21 {NOTICE} [systemDir] C:\Windows\system32 ThreadId:[4080] Time:[19:46:21.030]
2007-07-25 19:46:23 {NOTICE} [ShellExecute] command32=setupapi,InstallHinfSection DefaultInstall 128 C:\Windows\system32\PSDFilter.inf iRtn2=42 ThreadId:[4080] Time:[19:46:23.104]

#7 big boy

big boy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 26 June 2008 - 09:28 AM

07-07-25 19:46:20 {NOTICE} [RegOpenKeyExW] SOFTWARE\Acer\eDataSecurity ThreadId:[3924] Time:[19:46:20.811]
2007-07-25 19:46:20 {NOTICE} [RegCom32] ==============Enter======================= ThreadId:[1376] Time:[19:46:20.827]
2007-07-25 19:46:20 {NOTICE} [RegCom32] bReg= true ThreadId:[1376] Time:[19:46:20.827]
2007-07-25 19:46:20 {NOTICE} [RegCom] ==============Enter======================= ThreadId:[1376] Time:[19:46:20.827]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.827]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] command=C:\Windows\system32\regsvr32.exe /s ThreadId:[1376] Time:[19:46:20.827]
2007-07-25 19:46:20 {NOTICE} [CreateProcess] fullcommand=C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\eDSshellExt.dll error=18 ThreadId:[1376] Time:[19:46:20.889]
2007-07-25 19:46:20 {NOTICE} [Wow64RevertWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.889]
2007-07-25 19:46:20 {NOTICE} [RegCom] ==============Enter======================= ThreadId:[1376] Time:[19:46:20.889]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.889]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] command=C:\Windows\system32\regsvr32.exe /s ThreadId:[1376] Time:[19:46:20.889]
2007-07-25 19:46:20 {NOTICE} [CreateProcess] fullcommand=C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\eDStoolbar.dll error=18 ThreadId:[1376] Time:[19:46:20.905]
2007-07-25 19:46:20 {NOTICE} [Wow64RevertWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.905]
2007-07-25 19:46:20 {NOTICE} [RegCom] ==============Enter======================= ThreadId:[1376] Time:[19:46:20.905]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.905]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] command=C:\Windows\system32\regsvr32.exe /s ThreadId:[1376] Time:[19:46:20.905]
2007-07-25 19:46:20 {NOTICE} [CreateProcess] fullcommand=C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\OAddin.dll error=18 ThreadId:[1376] Time:[19:46:20.936]
2007-07-25 19:46:20 {NOTICE} [Wow64RevertWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.936]
2007-07-25 19:46:20 {NOTICE} [RegCom] ==============Enter======================= ThreadId:[1376] Time:[19:46:20.936]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.936]
2007-07-25 19:46:20 {NOTICE} [Wow64DisableWow64FsRedirection] command=C:\Windows\system32\regsvr32.exe /s ThreadId:[1376] Time:[19:46:20.936]
2007-07-25 19:46:20 {NOTICE} [CreateProcess] fullcommand=C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\ActiveToolBand.dll error=18 ThreadId:[1376] Time:[19:46:20.952]
2007-07-25 19:46:20 {NOTICE} [Wow64RevertWow64FsRedirection] platform=32 ThreadId:[1376] Time:[19:46:20.952]
2007-07-25 19:46:21 {NOTICE} [InstallPSDDriver] ==============Enter======================= ThreadId:[4080] Time:[19:46:21.030]
2007-07-25 19:46:21 {NOTICE} [systemDir] C:\Windows\system32 ThreadId:[4080] Time:[19:46:21.030]
2007-07-25 19:46:23 {NOTICE} [ShellExecute] command32=setupapi,InstallHinfSection DefaultInstall 128 C:\Windows\system32\PSDFilter.inf iRtn2=42 ThreadId:[4080] Time:[19:46:23.104]

#8 silver

silver

  • Members
  • 480 posts
  • OFFLINE
  •  
  • Location:GMT+7
  • Local time:01:18 PM

Posted 26 June 2008 - 07:33 PM

Hi big boy,

I'm not sure what log you posted there, but it's not the one we need. I'm sorry if the instructions weren't clear, please try this and tell me if you have any difficulties:
  • Make sure DSS.exe is on your Desktop
  • Press Start, copy/paste the following command into the search box and press enter:

    "%userprofile%\desktop\dss.exe" /config

  • A configuration box will appear, make sure all boxes are checked in the Main Log section, then un-check everything in the Extra Log section and press Scan!
Once complete, please post the new DSS main.txt report.

Edited by silver, 26 June 2008 - 07:33 PM.

Teacher at Malware Removal University | ASAP & UNITE Member

#9 big boy

big boy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 27 June 2008 - 08:50 AM

sorry i cannot post the correct log for you. firstly the download or any download will not be saved to the desktop it goes into the downloads in windows.
i can send a short cut to the desk top but that has not got any saved logs. if i start from scratch the same thing happens.
advice needed thanks.

#10 big boy

big boy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 27 June 2008 - 04:12 PM

eckard's System Scanner v20071014.68
Run by paul and penny on 2008-06-27 21:59:15
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as paul and penny.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:00:07, on 27/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\paul and penny\Downloads\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\PAULAN~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] "C:\Program Files\NetMeter\NetMeter.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6720 bytes

-- Files created between 2008-05-27 and 2008-06-27 -----------------------------

2008-06-22 22:57:38 0 d-------- C:\Windows\Sun
2008-06-20 21:25:50 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-11 16:11:12 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-06-06 23:04:11 0 d-------- C:\Program Files\iPod
2008-06-06 23:03:50 0 d-------- C:\Program Files\iTunes
2008-06-06 23:01:59 0 d-------- C:\Program Files\Bonjour
2008-06-06 22:59:02 0 d-------- C:\Program Files\QuickTime
2008-06-06 22:59:00 0 d-------- C:\Users\All Users\Apple Computer
2008-06-06 22:58:12 0 d-------- C:\Program Files\Apple Software Update
2008-06-06 22:53:50 0 d-------- C:\Program Files\Common Files\Apple
2008-06-06 17:09:22 0 d-------- C:\Program Files\Yahoo!
2008-06-03 22:46:00 0 d-------- C:\Program Files\TuneUp Utilities 2007
2008-06-03 20:45:19 0 d-------- C:\Users\All Users\Intenium
2008-06-03 20:39:54 0 d-------- C:\My Games
2008-06-03 20:33:21 0 d-------- C:\Program Files\RealArcade
2008-06-02 16:11:08 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-06-01 20:13:24 0 d-------- C:\Users\All Users\comodo
2008-06-01 20:13:21 0 d-------- C:\Program Files\COMODO
2008-05-31 21:33:42 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-05-29 22:16:21 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-29 15:22:02 68096 --a------ C:\Windows\zip.exe
2008-05-29 15:22:02 49152 --a------ C:\Windows\VFind.exe
2008-05-29 15:22:02 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-29 15:22:02 98816 --a------ C:\Windows\sed.exe
2008-05-29 15:22:02 80412 --a------ C:\Windows\grep.exe
2008-05-29 15:22:02 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-29 15:21:39 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-28 23:18:15 0 d-------- C:\Program Files\Trend Micro
2008-05-27 16:40:13 0 d-------- C:\Program Files\AVG
2008-05-27 16:28:33 0 d-------- C:\PerfLogs
2008-05-27 16:20:13 0 d-------- C:\Program Files\Anti Trojan Elite


-- Find3M Report ---------------------------------------------------------------

2008-06-27 16:23:50 0 d-------- C:\Users\paul and penny\AppData\Roaming\LimeWire
2008-06-25 16:40:08 0 d-------- C:\Program Files\GameHouse
2008-06-24 13:32:19 0 d-------- C:\Users\paul and penny\AppData\Roaming\GameHouse
2008-06-22 22:42:35 0 d-------- C:\Program Files\LimeWire
2008-06-22 21:46:09 0 d-------- C:\Users\paul and penny\AppData\Roaming\OpenOffice.org2
2008-06-20 21:25:50 0 d-------- C:\Program Files\Common Files
2008-06-20 15:15:04 0 d-------- C:\Program Files\a-squared Free
2008-06-19 22:17:10 0 d-------- C:\Program Files\Enigma Software Group
2008-06-19 21:48:43 0 d-------- C:\Users\paul and penny\AppData\Roaming\Mozilla
2008-06-18 14:06:09 0 d-------- C:\Users\paul and penny\AppData\Roaming\Comodo
2008-06-16 13:38:10 0 d-------- C:\Program Files\Google
2008-06-15 17:13:43 0 d-------- C:\Users\paul and penny\AppData\Roaming\Google
2008-06-12 15:31:31 0 d-------- C:\Users\paul and penny\AppData\Roaming\NetMeter
2008-06-12 15:31:27 0 d-------- C:\Program Files\CCleaner
2008-06-06 23:05:12 0 d-------- C:\Users\paul and penny\AppData\Roaming\Apple Computer
2008-06-03 22:44:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-03 21:02:03 0 d-------- C:\Program Files\Ashampoo
2008-06-02 16:09:57 0 d-------- C:\Program Files\Java
2008-05-31 22:40:43 0 d-------- C:\Users\paul and penny\AppData\Roaming\TrojanHunter
2008-05-31 21:04:45 0 d-------- C:\Program Files\NetMeter
2008-05-30 16:11:23 0 d-------- C:\Users\paul and penny\AppData\Roaming\Ashampoo Photo Commander 6
2008-05-28 22:51:47 0 d-------- C:\Users\paul and penny\AppData\Roaming\Ashampoo
2008-05-27 16:36:35 174 --ahs---- C:\Program Files\desktop.ini
2008-05-27 16:29:15 0 d-------- C:\Program Files\Windows Sidebar
2008-05-27 16:29:15 0 d-------- C:\Program Files\Windows Mail
2008-05-27 16:29:15 0 d-------- C:\Program Files\Windows Calendar
2008-05-27 16:29:15 0 d-------- C:\Program Files\Movie Maker
2008-05-27 16:29:14 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-27 16:29:14 0 d-------- C:\Program Files\Windows Journal
2008-05-27 16:29:14 0 d-------- C:\Program Files\Windows Collaboration
2008-05-27 16:29:11 0 d-------- C:\Program Files\Windows Defender
2008-05-15 13:36:25 0 d-------- C:\Users\paul and penny\AppData\Roaming\iWin
2008-05-09 15:00:05 0 d-------- C:\Users\paul and penny\AppData\Roaming\Template
2008-05-09 14:59:46 0 --a------ C:\Users\paul and penny\AppData\Roaming\wklnhst.dat
2008-05-07 21:21:47 0 d-------- C:\Users\paul and penny\AppData\Roaming\CyberLink
2008-05-04 22:59:16 0 d-------- C:\Program Files\Common Files\Real
2008-05-04 22:59:15 0 d-------- C:\Users\paul and penny\AppData\Roaming\Real


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

#11 big boy

big boy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 27 June 2008 - 04:14 PM

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [25/03/2008 19:08]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [16/05/2008 00:19]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [18/06/2008 14:05]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [19/07/2007 23:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C:\Program Files\NetMeter\NetMeter.exe"="C:\Program Files\NetMeter\NetMeter.exe" [11/08/2007 15:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\Windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^paul and penny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\Windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^paul and penny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=C:\Windows\pss\OpenOffice.org 2.4.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
"C:\Program Files\Apoint2K\Apoint.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\Program Files\NetMeter\NetMeter.exe]
"C:\Program Files\NetMeter\NetMeter.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSet]
"rundll32.exe" C:\Windows\PLFSet.dll,PLFDefSetting

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"="rundll32.exe" oobefldr.dll,ShowWelcomeCenter
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"ehTray.exe"=C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe
"RtHDVCpl"=RtHDVCpl.exe
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe
"IgfxTray"=C:\Windows\system32\igfxtray.exe
"Persistence"=C:\Windows\system32\igfxpers.exe
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-06-27 22:07:04 ------------

#12 silver

silver

  • Members
  • 480 posts
  • OFFLINE
  •  
  • Location:GMT+7
  • Local time:01:18 PM

Posted 27 June 2008 - 09:38 PM

Hi big boy,

I'm glad you got DSS working :thumbsup: we have to temporarily disable some of your protection software so it won't interfere with the changes we need to make. We will re-enable these when your machine is clean.

Temporarily disable Windows Defender:
  • Open Start->All Programs->Windows Defender
  • Click on Tools from the top menu, then press Options
  • Scroll down to Real-time protection options, uncheck Use real-time protection and press Save
  • Close Windows Defender
Temporarily disable Spy Sweeper
  • Open Spysweeper and click on Options->Program Options and uncheck Load at Windows Startup
  • On the left side click Shields and then uncheck everything there
  • Uncheck Home Page Shield
  • Uncheck Automatically restore default without notification
  • Exit the program
Temporarily disable Trojanhunter Guard
  • Find the Trojanhunter Guard icon in the lower right corner of your screen - it's is a light blue magnifying glass icon with a red handle
  • Right click it and select Settings
  • Uncheck Load at startup and Enabled
------------------------------------------------------------------------

Right-click the HijackThis program or shortcut, and choose Run as administrator to start the program
Choose Do a system scan only and place a checkmark next to the following lines:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - (no file)

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

------------------------------------------------------------------------
  • Open Internet Explorer by right-clicking the IE icon (on the Start menu or quick launch) and selecting Run as administrator
  • NOTE: Internet Explorer will temporarily have administrator privileges, this is required for the scan but dangerous for normal surfing so do NOT open any other websites in IE until after the scan has finished and this window has been closed.
  • Then click this link to open Kaspersky Online Scanner:
    http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html
  • Press on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Click on the Save Report As... button.
  • Change the file type to Text file (*.txt), type a filename such as kaspersky and save it to your Desktop
  • Post the contents of the report in your next response.
  • Please be sure to close this Internet Explorer window before continuing.
------------------------------------------------------------------------

Once complete, please post the Kaspersky report and a new HijackThis log.
Also, let me know if you are still getting the detections from your antivirus program.
Teacher at Malware Removal University | ASAP & UNITE Member

#13 big boy

big boy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 29 June 2008 - 02:27 PM

hi silver hope i have done your instructions to the book.? here is the first result.

KASPERSKY ONLINE SCANNER REPORT
Sunday, June 29, 2008 6:08:50 PM
Operating System: Microsoft Windows Vista Home Edition, Service Pack 1 (Build 6001)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/06/2008
Kaspersky Anti-Virus database records: 897014
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 98053
Number of viruses found 1
Number of infected objects 2
Number of suspicious objects 0
Duration of the scan process 02:17:28

Infected Object Name Virus Name Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\ProgramData\comodo\common\db\sigsdb.db Object is locked skipped
C:\ProgramData\comodo\Firewall Pro\cfplogdb.sdb Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.5.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.5.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy4.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfEDE6.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfEDE7.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\Users\paul and penny\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\paul and penny\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\paul and penny\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\paul and penny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\paul and penny\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\paul and penny\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\paul and penny\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\paul and penny\AppData\Local\Microsoft\Windows\UsrClass.dat{4e301219-d0f8-11dc-9042-001b385457dc}.TM.blf Object is locked skipped
C:\Users\paul and penny\AppData\Local\Microsoft\Windows\UsrClass.dat{4e301219-d0f8-11dc-9042-001b385457dc}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\paul and penny\AppData\Local\Microsoft\Windows\UsrClass.dat{4e301219-d0f8-11dc-9042-001b385457dc}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\paul and penny\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\paul and penny\Documents\LimeWire\Saved\adele chasing pavments.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Users\paul and penny\Documents\LimeWire\Saved\Heaven 17 - Heaven 17 - Come live with me.mp3 Infected: Trojan-Downloader.WMA.Wimad.n skipped
C:\Users\paul and penny\ntuser.dat Object is locked skipped
C:\Users\paul and penny\ntuser.dat.LOG1 Object is locked skipped
C:\Users\paul and penny\ntuser.dat.LOG2 Object is locked skipped
C:\Users\paul and penny\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Users\paul and penny\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\paul and penny\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{7F91CFDE-3A6C-4AC5-A97B-3B4697E6FA2C}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{f4f129f9-3888-11dd-b565-001b385457dc}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{f4f129f9-3888-11dd-b565-001b385457dc}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{f4f129f9-3888-11dd-b565-001b385457dc}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{f4f129f9-3888-11dd-b565-001b385457dc}.TxR.blf Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Antivirus.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Metrics.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

#14 big boy

big boy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 29 June 2008 - 02:31 PM

this is hijack this result all scanned

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:40, on 29/06/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] "C:\Program Files\NetMeter\NetMeter.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6002 bytes

#15 big boy

big boy
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:07:18 AM

Posted 29 June 2008 - 02:38 PM

my anti-virus AVAST no longers tells me i have a virus. eversince it told me it was win32 virus and it was found in a game, i deleted the file and game.
and then ran ccleaner silver thanks for your help and time. paul.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users